
AYYANAR KANDAVEL

Doha, DA

Summary

Cybersecurity professional with over 13 years of experience in Security Operations Center (SOC), Incident Response, Threat Intelligence, and Malware Analysis. Proven leadership in managing SOC teams, leading major incident response efforts, and securing enterprise environments for Fortune 500 and Oil & Gas organizations. Certified GCFA and GPEN, with deep hands-on expertise in tools like QRadar, Azure Sentinel, Carbon Black EDR, and Acalvio Deception. Adept at building incident response strategies, threat hunting, and cyber defense operations.

Overview

14 years of professional experience
1 Certification

Work History

System Analyst (SOC)

QatarEnergy LNG
10.2024 - Current
  • Lead incident response lifecycle, including detection, triage, containment, and recovery across global SOC environments.
  • Coordinate threat intelligence integration and automate enrichment of IOCs using SIEM and SOAR platforms.
  • Mentor junior analysts and lead internal training initiatives on threat hunting and forensic analysis.
  • Evaluate and implement security tools (XDR, threat intel feeds, forensic suites), conducting PoCs and ROI assessments.
  • Engage directly with management and external stakeholders (vendors, auditors) during audits and risk assessments.
  • Develop detailed technical documentation to facilitate knowledge sharing among team members and aid future troubleshooting efforts.
  • Collaborate with upper management to drive strategy and implement new processes.

System Analyst I (SOC)

QatarEnergy LNG
01.2023 - 10.2024
  • Conduct in-depth forensic analysis across packet captures, file systems, security logs, and network devices to support incident response and threat investigation.
  • Develop comprehensive malware analysis reports, extracting IOCs/IOAs to assist in detection and future prevention.
  • Act as a key liaison between DFIR and Threat Intelligence teams, enriching SOC alerts and threat models with actionable data and threat indicators.
  • Lead and coordinate incident response activities, prioritizing threats and implementing containment and remediation actions in real-time.
  • Perform proactive threat hunting using SIEM tools and advanced analytics to uncover hidden threats and reduce dwell time.
  • Monitor and triage security alerts generated by SIEM and other telemetry sources, escalating critical incidents per established playbooks.
  • Maintain and administer SOC tools and platforms according to security operations procedures and best practices.
  • Recommend and evaluate new security tools, leading proof-of-concept (PoC) phases, vendor assessments, and technical evaluations.
  • Collaborate with IT and security stakeholders to track and close incident tickets, ensuring timely resolution and documentation.
  • Support security project lifecycles including requirement gathering, procurement (PR documentation), scheduling, and post-implementation reviews.

Security Consultant (SOC)

IDRAK Consultancy for Technology & Knowledge, QATAR
01.2018 - 12.2022
  • Administer and optimize IBM QRadar SIEM platform, including log source onboarding, rule tuning, and performance monitoring.
  • Collect and analyze logs from OS, databases, applications, proxies, and cloud services to detect anomalies and suspicious activities.
  • Develop and refine correlation rules/use cases using real-world attack scenarios and MITRE ATT&CK techniques.
  • Generate custom dashboards, scheduled reports, and ad-hoc queries for security monitoring, compliance, and investigations.
  • Investigate and respond to security incidents such as phishing, malware infections, user policy violations, and BEC attacks; coordinate with relevant teams to ensure containment and recovery.
  • Perform threat hunting using public and commercial threat intelligence feeds, and EDR tools (e.g., CrowdStrike, SentinelOne).
  • Create and maintain IOC watchlists to proactively detect emerging threats in the network.
  • Conduct basic reverse engineering of malware samples to identify artifacts and behavioral patterns.
  • Troubleshoot log collection and parsing issues across distributed systems to ensure continuous security telemetry.
  • Classify and enforce proxy URL categorization to block access to malicious or unauthorized web content.
  • Document threat actor TTPs, and contribute to internal threat intelligence repositories and playbooks.

Information Security Analyst

Infosys Limited, Chennai
05.2014 - 01.2018
  • Operated within the Cyber Defense Center (CDC), monitoring security infrastructure and analyzing logs to detect and respond to security incidents.
  • Led a team of 10 malware analysts, providing technical guidance, mentoring, and oversight in the investigation and remediation of malware-related incidents.
  • Performed in-depth malware analysis (static and dynamic) to identify Indicators of Compromise (IOCs), persistence mechanisms, and potential payloads.
  • Investigated network and host-based suspicious behaviors using SIEM platforms and behavioral analytics tools.
  • Responded to advanced persistent threats (APTs) using tools like FireEye NX (Network), HX (Endpoint), and MX (Email).
  • Contained and mitigated malware outbreaks with minimal business disruption through coordinated response efforts.
  • Played a key role in evaluating and deploying modern security technologies including Next-Gen Antivirus (NGAV), Deception Technology, and Endpoint Detection & Response (EDR).
  • Conducted knowledge transfer sessions and on-the-job training for new hires and junior analysts to build team capability and ensure process consistency.

Network Security Engineer

TechMahindra Ltd, Chennai
10.2011 - 05.2014
  • Configured and maintained Site-to-Site VPNs for global clients, suppliers, and dealers using Cisco Security Manager and Cisco ASA firewalls.
  • Troubleshot and resolved Site-to-Site and Remote Access VPN issues to ensure secure and reliable connectivity for external stakeholders.
  • Provided Tier-2/3 operational support for network and security infrastructure, performing break/fix activities to restore service and maintain system uptime.
  • Managed Cisco Security Manager to monitor and administer Cisco ASA security appliances across multiple locations.
  • Ensured compliance with ITIL best practices, maintaining Service Level Agreements (SLAs) and adhering to Incident Management processes for all security-related issues.
  • Administered Cisco IronPort (Web Security Appliance) for internet proxy traffic filtering and resolved connectivity and access issues.
  • Managed and maintained email relay servers (e.g., Mirapoint) to ensure secure and reliable mail flow within the organization.
  • Monitored network infrastructure using tools like Nagios, proactively identifying issues and minimizing downtime.
  • Created and maintained detailed Knowledge Base (KB) documentation for transitioned network devices, processes, and troubleshooting steps to support knowledge transfer.
  • Conducted training sessions to educate team members and stakeholders on complex network environments and advanced troubleshooting methodologies.

Education

B.E - Electrical & Electronics

KLN College of Information & Technology
01.2011

H.S.C

St Mary’s Higher Secondary School
01.2007

S.S.L.C

St Mary’s Higher Secondary School
01.2005

Skills

  • SOC Operations & Team Leadership
  • Digital Forensics & Incident Response (DFIR)
  • Threat Hunting & Threat Intelligence
  • Malware Analysis & Reverse Engineering
  • SIEM Management (QRadar, Sentinel)
  • Endpoint Detection & Response (Carbon Black)
  • Network Detection & Response (ExtraHop)
  • Deception Technology (Acalvio)
  • Vulnerability Management (Tenable)
  • Security Architecture & PoC Implementation
  • Cloud Security (Azure)
  • Brand Monitoring (ZeroFox)

Accomplishments

  • Reduced malware incident response time by 40% through the development of automated triage workflows and enhanced static/dynamic analysis processes.
  • Led a 10-member malware analysis team, improving investigation efficiency and knowledge-sharing, which increased overall incident handling capacity by 30%.
  • Successfully contained and remediated multiple high-severity malware outbreaks, minimizing business disruption and preventing lateral movement.
  • Created 50+ custom SIEM use cases in IBM QRadar, enhancing detection coverage for APTs, insider threats, and phishing campaigns.
  • Created 50+ custom SIEM/EDR use cases in IBM QRadar & CarbonBlack EDR, enhancing detection coverage for APTs, insider threats, and phishing campaigns.
  • Improved log ingestion rate and correlation accuracy by resolving log source integration issues and optimizing QRadar parser configurations.

Certification

  • Cisco Certified Network Associate CCNA - CSCO1246576
  • ITIL Foundation Certificate in IT Service Management – GR750506896AK
  • Attended AccessData Digital Forensics (FTK) training and certified as ACE6 (AccessData Certified Examiner)
  • Carbon Black Response (CbR) Administrator Training
  • Qualys Vulnerability Management
  • Trained in malware analysis and reverse engineering techniques
  • Autopsy online training for Digital Forensics
  • Trained for the Certificate of Cloud Security Knowledge (CCSK)
  • Microsoft Azure Fundamentals

Languages

English
Tamil

Disclaimer

I hereby declare that the above is true to the best of my knowledge and belief.

Place: QATAR Date: 2023-03-24 (AYYANAR KANDAVEL)
